<?php
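session_start();

// Login handler: checks the posted username, password and permission level
// against `hrsys`.`users_login`. On a match it populates the session, appends
// an audit line to log/user_login.xml and redirects to welcome.php; otherwise
// it redirects back to index.php with a generic failure message.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. When this script is migrated, use mysqli or PDO prepared statements
// instead of escaping values into the SQL string.
// NOTE(review): the query compares the submitted password directly with the
// stored column, so passwords are not hashed. Store password_hash() output and
// check it with password_verify() once the schema can change.
// NOTE(review): the connection uses the MySQL root account with an empty
// password. Use a dedicated least-privilege account whose secret is loaded
// from configuration kept outside the web root.

$failureMessage = 'Incorrect username or password, please try again';

// Reject missing or non-string fields (e.g. array-valued parameters) before
// touching the database; the response is the same as for a failed login.
foreach (array('inputUsername', 'inputPassword', 'selectPermission') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $_SESSION['response'] = $failureMessage;
        header("Location: index.php");
        exit;
    }
}

$con = mysql_connect('localhost', 'root', '');
if (!$con) {
    // Keep driver error details in the server log, not in the HTTP response.
    error_log('Login: could not connect: ' . mysql_error());
    die('Could not connect');
}

mysql_select_db("a3437560_hrsys", $con);

// Escape only after the connection exists and pass the link explicitly, so the
// escaping uses this connection rather than an implicit default one.
// All three values are escaped: previously selectPermission reached the query
// unescaped.
$username = mysql_real_escape_string($_POST["inputUsername"], $con);
$password = mysql_real_escape_string($_POST["inputPassword"], $con);
$permission = mysql_real_escape_string($_POST["selectPermission"], $con);

$sql = "SELECT * FROM `hrsys`.`users_login` WHERE username = '$username' AND password = '$password'"
     . " AND level = '$permission' ";

$result = mysql_query($sql, $con);
if ($result === false) {
    // A failed query is treated as a failed login; details go to the server log.
    error_log('Login: query failed: ' . mysql_error($con));
}

$matched = ($result !== false) && (mysql_num_rows($result) > 0);

if ($matched) {
    // Issue a fresh session id on authentication so a pre-login id cannot be
    // reused afterwards (session fixation).
    session_regenerate_id(true);

    while ($row = mysql_fetch_array($result)) {
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['level'] = $row['level'];

        // Audit line: timestamp, id and username only. The password must never
        // be written to the log.
        // NOTE(review): log/ is relative to this script; confirm the directory
        // is not served by the web server.
        $myFile = "user_login.xml";
        $fh = fopen('log/' . $myFile, 'a') or die("can't open file");
        $stringData = date("d-m-Y H:i:s") . ' : '
                    . 'ID: ' . $row['id'] . ' Username: ' . $row['username'] . PHP_EOL;
        fwrite($fh, $stringData);
        fclose($fh);
    }
}

// Close the connection before redirecting; the original close call sat after
// both exit statements and never ran.
mysql_close($con);

if ($matched) {
    // NOTE(review): this message embeds the stored username; it should be
    // HTML-escaped where it is printed (rendering is not visible in this file).
    $_SESSION['response'] = 'Welcome, ' . $_SESSION['username'];
    $_SESSION['welcomeMsg'] = $_SESSION['response'];
    header("Location: welcome.php");
    exit;
}

$_SESSION['response'] = $failureMessage;
header("Location: index.php");
exit;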

?>